Message ID | 20240830110533.2544070-2-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | crypto: misc pbkdf fixes for testing & algorithm compat | expand |
On 30/8/24 13:05, Daniel P. Berrangé wrote: > Both gnutls and gcrypt can be configured to exclude support for certain > algorithms via a runtime check against system crypto policies. Thus it > is not sufficient to have a compile time test for hash support in their > pbkdf implementations. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > crypto/pbkdf-gcrypt.c | 2 +- > crypto/pbkdf-gnutls.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c index a8d8e64f4d..bc0719c831 100644 --- a/crypto/pbkdf-gcrypt.c +++ b/crypto/pbkdf-gcrypt.c @@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash) case QCRYPTO_HASH_ALG_SHA384: case QCRYPTO_HASH_ALG_SHA512: case QCRYPTO_HASH_ALG_RIPEMD160: - return true; + return qcrypto_hash_supports(hash); default: return false; } diff --git a/crypto/pbkdf-gnutls.c b/crypto/pbkdf-gnutls.c index 2dfbbd382c..911b565bea 100644 --- a/crypto/pbkdf-gnutls.c +++ b/crypto/pbkdf-gnutls.c @@ -33,7 +33,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash) case QCRYPTO_HASH_ALG_SHA384: case QCRYPTO_HASH_ALG_SHA512: case QCRYPTO_HASH_ALG_RIPEMD160: - return true; + return qcrypto_hash_supports(hash); default: return false; }
Both gnutls and gcrypt can be configured to exclude support for certain algorithms via a runtime check against system crypto policies. Thus it is not sufficient to have a compile time test for hash support in their pbkdf implementations. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- crypto/pbkdf-gcrypt.c | 2 +- crypto/pbkdf-gnutls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)